Use SSH to Collect ArubaOS Network Appliance Information

PreviousArubaOS NextAdd the ArubaOS Credentials to Epiphany

Last updated 2 years ago

Use SSH to Collect ArubaOS Network Appliance Information

This feature is in Early Release/BETA. Please contact your Epiphany Systems support or sales contact to learn more.

This document is under construction. Please excuse our dust.

SSH Collection

Epiphany has the capability to extract network appliance information via Secure Shell (SSH). The SSH collectors will establish a SSHv2 session with the appliances and run the needed ‘display’ commands for data collection.

There is also a process for of the network configurations following this section.

If a user is ready and SSHv2 is enabled, please proceed to the section.

Create a New ArubaOS User

Step 1:

Log into the ArubaOS switch command-line interface (CLI) using your assigned credentials.
Enter the CLI commands shown below to create a user with the required privileges. Items labeled with a set of “<>” around them have additional explanations below the command block in the "!" tip.

Command Breakdown with Variable Configurations

config
password operator user-name <username> plaintext <password>
aaa authorization commands <local/radius/tacacs>
aaa authorization group <group> 1 match-command “command:<show command>” permit log
exit
write memory

username: The recommended username is epiphany.

password: Ensure the password meets your organization’s password policy.

group: The recommended group name is epiphany-group.

Example Commands Using the Suggested <username>,<password>, and <group>

Config
Password operator user-name epiphany plaintext supersecretpassword
aaa authorization commands local
aaa authorization group epiphany_group 1 match-command “command:show running-configuration” permit log
aaa authorization group epiphany_group 2 match-command “command:show ip route” permit log
aaa authorization group epiphany_group 3 match-command “command:show arp” permit log
aaa authorization group epiphany_group 4 match-command “command:show vlans” permit log
aaa authorization group epiphany_group 5 match-command “command:show cdp neighbors” permit log
aaa authorization group epiphany_group 6 match-command “command:show lldp remote-device” permit log
aaa authorization group epiphany_group 7 match-command “command:show version” permit log
exit
Write memory

You can also create users in an AAA Server.

These privileges are made to provide Epiphany with the least-privileged rights to perform its tasks.

Enable SSHv2

Step 2:

Enter the CLI commands shown below to enable SSHv2 on the ArubaOS switch appliance. Items labeled with an “*” have additional explanations below the command block in the "!" tip.

Config
Crypto key generate ssh
Ip ssh
*no telnet-server

If telnet is needed for this appliance do not run this command.

JSON Storage of Network Credentials

Step 3:

The username, password, and IP address need to be stored in a JSON file in the format shown below. Ensure this data is stored in a secure location prior to uploading it Epiphany.

JSON File Example

{"ip":"192.168.0.1", 
    "user":"username", 
    "passw":"password123"}, 
{"ip":"192.168.0.2", 
    "user":"username", 
    "passw":"password123"}

PreviousArubaOS NextAdd the ArubaOS Credentials to Epiphany

Last updated 2 years ago

This feature is in Early Release/BETA. Please contact your Epiphany Systems support or sales contact to learn more.

This document is under construction. Please excuse our dust.

SSH Collection

There is also a process for of the network configurations following this section.

If a user is ready and SSHv2 is enabled, please proceed to the section.

Create a New ArubaOS User

Step 1:

Log into the ArubaOS switch command-line interface (CLI) using your assigned credentials.
Enter the CLI commands shown below to create a user with the required privileges. Items labeled with a set of “<>” around them have additional explanations below the command block in the "!" tip.

Command Breakdown with Variable Configurations

config
password operator user-name <username> plaintext <password>
aaa authorization commands <local/radius/tacacs>
aaa authorization group <group> 1 match-command “command:<show command>” permit log
exit
write memory

username: The recommended username is epiphany.

password: Ensure the password meets your organization’s password policy.

group: The recommended group name is epiphany-group.

Example Commands Using the Suggested <username>,<password>, and <group>

Config
Password operator user-name epiphany plaintext supersecretpassword
aaa authorization commands local
aaa authorization group epiphany_group 1 match-command “command:show running-configuration” permit log
aaa authorization group epiphany_group 2 match-command “command:show ip route” permit log
aaa authorization group epiphany_group 3 match-command “command:show arp” permit log
aaa authorization group epiphany_group 4 match-command “command:show vlans” permit log
aaa authorization group epiphany_group 5 match-command “command:show cdp neighbors” permit log
aaa authorization group epiphany_group 6 match-command “command:show lldp remote-device” permit log
aaa authorization group epiphany_group 7 match-command “command:show version” permit log
exit
Write memory

You can also create users in an AAA Server.

These privileges are made to provide Epiphany with the least-privileged rights to perform its tasks.

Enable SSHv2

Step 2:

Enter the CLI commands shown below to enable SSHv2 on the ArubaOS switch appliance. Items labeled with an “*” have additional explanations below the command block in the "!" tip.

Config
Crypto key generate ssh
Ip ssh
*no telnet-server

If telnet is needed for this appliance do not run this command.

JSON Storage of Network Credentials

Step 3:

The username, password, and IP address need to be stored in a JSON file in the format shown below. Ensure this data is stored in a secure location prior to uploading it Epiphany.

JSON File Example

{"ip":"192.168.0.1", 
    "user":"username", 
    "passw":"password123"}, 
{"ip":"192.168.0.2", 
    "user":"username", 
    "passw":"password123"}